[Netfilter] Use Redis master if set

andryyy 2020-02-05 10:57:14 +01:00
parent c8b9f2b36c
commit 423104db61
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 16 additions and 33 deletions


@ -18,7 +18,12 @@ import dns.exception
while True: while True:
try: try:
r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0) redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
if "".__eq__(redis_slaveof_ip):
r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
else:
r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
r.ping() r.ping()
except Exception as ex: except Exception as ex:
print('%s - trying again in 3 seconds' % (ex)) print('%s - trying again in 3 seconds' % (ex))
@ -139,7 +144,6 @@ def ban(address):
if temp_whitelist: if temp_whitelist:
for wl_key in temp_whitelist: for wl_key in temp_whitelist:
wl_net = ipaddress.ip_network(wl_key, False) wl_net = ipaddress.ip_network(wl_key, False)
if wl_net.overlaps(self_network): if wl_net.overlaps(self_network):
logInfo('Address %s is whitelisted by rule %s' % (self_network, wl_net)) logInfo('Address %s is whitelisted by rule %s' % (self_network, wl_net))
return return
@ -215,7 +219,6 @@ def unban(net):
def permBan(net, unban=False): def permBan(net, unban=False):
global lock global lock
if type(ipaddress.ip_network(net, strict=False)) is ipaddress.IPv4Network: if type(ipaddress.ip_network(net, strict=False)) is ipaddress.IPv4Network:
with lock: with lock:
chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'MAILCOW') chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'MAILCOW')
@ -393,13 +396,11 @@ def genNetworkList(list):
resolver = dns.resolver.Resolver() resolver = dns.resolver.Resolver()
hostnames = [] hostnames = []
networks = [] networks = []
for key in list: for key in list:
if isIpNetwork(key): if isIpNetwork(key):
networks.append(key) networks.append(key)
else: else:
hostnames.append(key) hostnames.append(key)
for hostname in hostnames: for hostname in hostnames:
hostname_ips = [] hostname_ips = []
for rdtype in ['A', 'AAAA']: for rdtype in ['A', 'AAAA']:
@ -413,64 +414,47 @@ def genNetworkList(list):
except dns.exception.DNSException as dnsexception: except dns.exception.DNSException as dnsexception:
logInfo('%s' % dnsexception) logInfo('%s' % dnsexception)
continue continue
for rdata in answer: for rdata in answer:
hostname_ips.append(rdata.to_text()) hostname_ips.append(rdata.to_text())
networks.extend(hostname_ips) networks.extend(hostname_ips)
return set(networks) return set(networks)
def whitelistUpdate(): def whitelistUpdate():
global lock global lock
global quit_now global quit_now
global WHITELIST global WHITELIST
while not quit_now: while not quit_now:
start_time = time.time() start_time = time.time()
list = r.hgetall('F2B_WHITELIST') list = r.hgetall('F2B_WHITELIST')
new_whitelist = [] new_whitelist = []
if list: if list:
new_whitelist = genNetworkList(list) new_whitelist = genNetworkList(list)
with lock: with lock:
if Counter(new_whitelist) != Counter(WHITELIST): if Counter(new_whitelist) != Counter(WHITELIST):
WHITELIST = new_whitelist WHITELIST = new_whitelist
logInfo('Whitelist was changed, it has %s entries' % len(WHITELIST)) logInfo('Whitelist was changed, it has %s entries' % len(WHITELIST))
time.sleep(60.0 - ((time.time() - start_time) % 60.0)) time.sleep(60.0 - ((time.time() - start_time) % 60.0))
def blacklistUpdate(): def blacklistUpdate():
global quit_now global quit_now
global BLACKLIST global BLACKLIST
while not quit_now: while not quit_now:
start_time = time.time() start_time = time.time()
list = r.hgetall('F2B_BLACKLIST') list = r.hgetall('F2B_BLACKLIST')
new_blacklist = [] new_blacklist = []
if list: if list:
new_blacklist = genNetworkList(list) new_blacklist = genNetworkList(list)
if Counter(new_blacklist) != Counter(BLACKLIST): if Counter(new_blacklist) != Counter(BLACKLIST):
addban = set(new_blacklist).difference(BLACKLIST) addban = set(new_blacklist).difference(BLACKLIST)
delban = set(BLACKLIST).difference(new_blacklist) delban = set(BLACKLIST).difference(new_blacklist)
BLACKLIST = new_blacklist BLACKLIST = new_blacklist
logInfo('Blacklist was changed, it has %s entries' % len(BLACKLIST)) logInfo('Blacklist was changed, it has %s entries' % len(BLACKLIST))
if addban: if addban:
for net in addban: for net in addban:
permBan(net=net) permBan(net=net)
if delban: if delban:
for net in delban: for net in delban:
permBan(net=net, unban=True) permBan(net=net, unban=True)
time.sleep(60.0 - ((time.time() - start_time) % 60.0)) time.sleep(60.0 - ((time.time() - start_time) % 60.0))
def initChain(): def initChain():
@ -501,7 +485,6 @@ def initChain():
if rule not in chain.rules: if rule not in chain.rules:
chain.insert_rule(rule) chain.insert_rule(rule)
if __name__ == '__main__': if __name__ == '__main__':
# In case a previous session was killed without cleanup # In case a previous session was killed without cleanup